Demystifying Targeted Attacks on Industrial Control Systems
- Wednesday, April 15th, 2015 at 1:00 PM EDT (17:00:00 UTC)
- Scott King, Graham Speake, and Eric Cornelius
You can now attend the webcast using your mobile device!
Today targeted attacks on industrial control systems are in the news at an alarming rate. During this webcast we'll discuss recent ICS attacks including the German Steel Mill and the Turkish Pipeline. We'll discuss attacker tactics and techniques, attack surfaces & paths, and finally defense lessons learned and how you can secure your control systems.
Mr. King started his career as a network and systems engineer in the mid 1990ís. In early 2001 he moved into the information security field supporting the Department of Defense. Over the past 10+ years Mr. King has held multiple roles within the security community supporting federal government and state government, DoD, commercial companies, and most recently critical infrastructure. For the past six years, Mr. King has worked for the Sempra Energy family of companies in multiple security roles. Today Mr. King is responsible for managing the cyber security department for all utility IT and critical infrastructure supporting SDG&E, Southern California Gas, and the parent company Sempra Energy.
Graham Speake is a control systems cyber security evangelist with over 30 years in the industrial engineering field. Graham is a vice president and chief product architect at NexDefense, he is a SANS trainer and also a subject matter expert to the GIAC Global Industrial Cyber Security Professional (GICSP) certification. Graham has had roles in both end-user companies (BP and Ford Motor Company) as well as industry suppliers (Yokogawa Electric Company and Industrial Control Services Ltd). Prior to NexDefense, Graham was Principal Systems Architect at Yokogawa Electric Corporation, a major supplier of ICS and SCADA equipment. He helped steer the development of security within the Yokogawa products and also to ensure that relevant security certifications such as ISASecure and Achilles were achieved. Before Yokogawa, Graham spent nearly 10 years at BP holding multiple security positions in both the UK and US. The majority of his focus during this time was on securing the critical plants both downstream and upstream (such as refineries, oil platforms, etc.)
Graham has authored and has been a technical editor for a number of books.
Eric Cornelius is the Director of Critical Infrastructure and Industrial Control Systems (ICS) at Cylance, Inc. He is responsible for the thought leadership, architecture and consulting implementations for the Company. His leadership keeps organizations safe, secure and resilient against advanced attackers. Previously, Eric served as the Deputy Director and Chief Technical Analyst for the Control Systems Security Program at the US Department of Homeland Security. Eric brings a wealth of ICS knowledge to the Cylance team. In addition to his years of technical leadership, Eric literally wrote the book on incident response in the ICS arena. Eric's extensive knowledge of critical infrastructure and those who attack it will be brought to bear at Cylance as he leads a team of experts in securing America's critical systems. Eric is the co-author of "Recommended Practice: Creating Cyber Forensics Plans for Control Systems" as part of the DHS National Cyber Security Division, Control Systems Security Program, 2008. He is also a frequent speaker and instructor at ICS events across the globe. Cornelius earned a bachelor's degree from the New Mexico Institute of Mining and Technology where he was the recipient of many scholarships and awards including the National Science Foundation's Scholarship for Service. Cornelius went on to work at the Army Research Laboratory's Survivability/Lethality Analysis Directorate where he worked to secure field deployable combat technologies. It was at ARL that Cornelius became interested in non-traditional computing systems, an interest which ultimately led him to the Idaho National Laboratory. While at INL, Cornelius participated in deep-dive vulnerability assessments of a wide range of ICS systems. After attacking these systems for several years, Cornelius began to develop methodologies for detecting attacks and performing incident response in the ICS environment. Cornelius has continually improved these methodologies through extensive field testing and close partnership with asset owner/operators in nearly all sectors of critical infrastructure. Through this experience, Cornelius will help keep Cylance on the forefront of ICS security to better protect America's critical assets.
Derek Harp (Moderator)
Derek Harp is currently the business operations lead for the Industrial Control System (ICS) programs at SANS. Mr. Harp has served as a founder, CEO, advisor, of early stage companies for the last sixteen years with a focus on cybersecurity. Mr Harp is also a co-founder and a board member of NexDefense, Inc., a company focused on the security technology needs of ICS asset owners. Previously, He was the CEO and co-founder of LogiKeep, Inc., where he was the co-inventor of Intellishield™, a pioneer IT security product - which was subsequently acquired. Mr. Harp is a former US Navy Officer with experience in combat information management, communications security and intelligence.